Privacy Policy

Effective date: 01JUN25
Entity: Flavian Enterprises Inc (“Flavian”, “we”, “us”, “our”)
Website: flavian.so and subdomains (the “Site”)

This Policy explains how we collect, use, disclose, and protect information about visitors to our Site, prospective customers, vendors, and our clients’ representatives. It does not cover our employees/contractors (ask us for that notice).

1) Information we collect

a) You provide to us

  • Contact details (name, work email, phone, employer, role)
  • Messages and forms (inquiries, RFPs, support tickets)
  • Contract/account data (billing contact, service addresses)
  • Preferences (communication and scheduling)

b) Collected automatically

  • Usage data (pages viewed, timestamps, referrers, general location)
  • Device/tech data (IP address, browser, OS)
  • Cookies/identifiers (for analytics, security, and preferences)
  • Telephony metadata when you call us (caller ID, time/duration, IVR selections). We may record support or sales calls where permitted by law; we announce or obtain consent where required.

c) From third parties

  • Lead/contact enrichment (business email/role)
  • Anti-fraud/KYB/KYC checks (business registry, sanctions screening)
  • Referral and advertising partners (campaign/UTM data)

We do not seek to collect sensitive personal information through the Site. Please don’t submit health records, payment card numbers, government IDs, or other sensitive data via open web forms.

2) How we use information

  • Provide, operate, and improve the Site and our services
  • Respond to inquiries; schedule and conduct meetings
  • Set up accounts, quotes, and statements of work
  • Security, fraud prevention, and integrity monitoring
  • Legal/regulatory compliance (e.g., export controls, do-not-call rules)
  • Marketing with your consent or as permitted by law (you can opt out anytime)
  • Aggregated analytics and reporting (de-identified)

Healthcare & defense context. We support regulated customers. We do not handle ePHI by default. If a project requires HIPAA-regulated data, we handle it only under a Business Associate Agreement (BAA) and agreed controls. We do not accept ITAR/EAR-controlled technical data or CUI via public forms or email; such data, if in scope, requires a written agreement and a technology control plan.

3) Legal bases (EEA/UK visitors)

Where GDPR/UK GDPR applies, our bases include: contract (Art. 6(1)(b)), legitimate interests (6(1)(f)) such as security and B2B marketing, consent (6(1)(a)) where required (e.g., certain cookies), and legal obligation (6(1)(c)).

4) How we share information

We share personal information only as needed to run the business:

  • Service providers/processors (hosting, email, CRM, analytics, telecom)
  • Professional advisers (legal, compliance, accounting, security)
  • Compliance & law (to meet legal requests or enforce agreements)
  • Business transfers (merger, acquisition, asset sale)
  • With your direction/consent

We do not sell personal information and do not share it for cross-context behavioral advertising as defined by the California Consumer Privacy Act (CCPA/CPRA). We may use first-party analytics and limited third-party tools; see Cookies below.

5) Cookies and analytics

We use cookies and similar technologies for:

  • Essential (security, load balancing, form submission)
  • Analytics (understand Site performance and improve UX)
  • Preferences (remember settings)

You can control cookies in your browser. If we display a cookie banner, it will let you manage non-essential cookies. Disabling cookies may limit some features.

6) Retention

We keep personal information only as long as needed for the purposes above and to comply with laws and contracts. Typical defaults:

  • Site analytics: ~13–24 months (aggregated thereafter)
  • Marketing contact data: until you opt out or after a period of inactivity
  • Contracts, invoices, and compliance records: up to 7 years
  • Call recordings (if any): [90 days] unless a longer period is required by law or contract

7) Security

We apply administrative, technical, and physical safeguards appropriate to the data and risk (access controls, least-privilege, encryption in transit, logging, and incident response). No method of transmission or storage is 100% secure.

8) International transfers

We primarily process data in the United States. If data is transferred internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) where required.

9) Your choices and rights

  • Marketing: unsubscribe via any email footer or email privacy@flavian.so.
  • SMS/Calls: reply STOP to SMS; ask us to place your number on our internal Do-Not-Call list.
  • Cookies: manage via our banner (where available) or your browser.

Where applicable law grants rights (e.g., EEA/UK, certain U.S. states), you may request:

  • Access, correction, deletion, or portability of your personal information
  • Restriction or objection to certain processing
  • Appeals of denied requests
  • Filing a complaint with a supervisory authority

Submit requests to privacy@flavian.so and we’ll verify and respond as required.

10) Children

The Site is for business use and not directed to children. We do not knowingly collect personal information from anyone under 16.

11) Third-party links

Our Site may link to third-party websites or services we don’t control. Their privacy practices govern those properties.

12) HIPAA and regulated data reminder

Unless a BAA or specific contract says otherwise, do not send any Protected Health Information (PHI), CUI, or export-controlled technical data via public forms, chat, or email. Contact security@flavian.so to arrange a secure channel if needed.

13) Changes to this Policy

We may update this Policy from time to time. The “Effective date” above reflects the latest version. Significant changes will be announced on the Site.

14) Contact us

Questions or requests about privacy?
Email: privacy@flavian.so
Security contacts & responsible disclosure: security@flavian.so